[Owasp-board] Interested in your views for HP Fortify security white paper

Tom Brennan tomb at owasp.org
Mon Apr 23 13:27:22 UTC 2012


Thank you but as a board member of OWASP Foundation, we can not endorse or recommend any product or service hence I will withdraw from this.  We support all organization that are helping the mission of OWASP Foundation "Our mission is to make application security visible, so that people and organizations can make informed decisions about true software security risks." and certainly HP is a known brand that is working on that problem as well.  

We appreciate the support of all of our supporters: https://www.owasp.org/index.php/Template:OWASP_Members_Horizontal

But I believe you understand our dilemma on inferred endorsements.

-Brennan


On Apr 23, 2012, at 9:18 AM, Friese, Eric Frederick wrote:

> Not exactly an endorsement. We're not planning on saying "100% of OWASP Board members polled said this report is awesome" =). We're just looking for some other voices besides our own to include in the report.
> 
> Thanks,
> Eric Friese
> 
> -----Original Message-----
> From: Tom Brennan [mailto:tomb at owasp.org] 
> Sent: Monday, April 23, 2012 8:38 AM
> To: Friese, Eric Frederick
> Cc: <tom.brennan at owasp.org>; <michael.coates at owasp.org>; Sean Kirk
> Subject: Re: Interested in your views for HP Fortify security white paper
> 
> Ah so you want a endorsement of sorts from a 3rd party correct?
> 
> 
> On Apr 23, 2012, at 8:27 AM, Friese, Eric Frederick wrote:
> 
>> Tom and Michael,
>> 
>> Rafal's post certainly covers some of our questions. We're looking for credible people in the software security field to validate our conclusions, not necessarily for research. We have plenty of heavyweights at HP that we could quote, but we're trying to show the audience that other people besides HP feel the same way about the risks associated with open source. We appreciate your participation and I look forward to hearing your responses.
>> 
>> Thanks,
>> Eric Friese
>> Senior Software Security Consultant
>> Fortify Software, an HP Company
>> 
>> +1 202 656 8098 / Mobile
>> eric.friese at hp.com / Email
>> 
>> <image001.gif>
>> 
>> 
>> 
>> From: Tom Brennan [mailto:tomb at owasp.org] 
>> Sent: Sunday, April 22, 2012 12:15 AM
>> To: Sean Kirk
>> Cc: <michael.coates at owasp.org>; <tom.brennan at owasp.org>; Friese, Eric Frederick
>> Subject: Re: Interested in your views for HP Fortify security white paper
>> 
>> Some of your questions Dan be pointed back to HP blog http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/Vulnerable-Open-Source-Code-in-the-Enterprise-3-Keys-to-Avoiding/ba-p/5604951
>> 
>> On Apr 20, 2012, at 6:14 PM, Sean Kirk <sean at seankirk.com> wrote:
>> 
>> Hello, Michael and Tom:
>> 
>> I'm an independent tech writer who's been engaged by HP Enterprise Security Products -- specifically the HP Fortify business -- to write a white paper on the topic of open source software security.  Unlike other aspects of software security, there's not been much in the way of recently published studies on this topic, so we're interested in speaking directly with a few experts in this area to collect perspectives and opinions.
>> 
>> My clients at HP Fortify have suggested that with your expertise in software security, you would be an excellent resource for this paper.  Would one or both of you be amenable to participating in a brief interview with me, either by phone or email, that would help guide the contents of this open source software security white paper? Your help would be much appreciated, and we will share a draft of the paper with you for review and approval prior to publishing anything.
>> 
>> If you're interested in sharing your views, I'll send along a list of questions and we can take it from there.
>> 
>> Kind regards,
>> 
>> Sean
>> 
>> Sean Kirk
>> Commercial Writing & Consulting
>> sean at seankirk.com
>> 206-284-3679
>> 
> 
> 
> Tom Brennan
> International Board of Directors 
> OWASP Foundation
> (t) 973-202-0122
> (e) tomb at owasp.org
> (w) http://www.owasp.org
> 
> 
> 
> 
> 
> 


Tom Brennan
International Board of Directors 
OWASP Foundation
(t) 973-202-0122
(e) tomb at owasp.org
(w) http://www.owasp.org








More information about the Owasp-board mailing list